A machine has a network interface circuit to provide connectivity to networked machines. A processor is connected to the network interface circuit. A memory is connected to the processor and the network interface circuit. The memory stores cryptographically protected data, a data access policy and a steward group specifying individuals to administer the data access policy. The memory stores instructions executed by the processor to receive a request to access the cryptographically protected data. Authentication tokens from individuals in the steward group are collected. It is determined that the authentication tokens satisfy the data access policy to establish a data access state. A decrypted version of the cryptographically protected data is supplied to one or more of the networked machines to establish a transaction. The transaction is recorded with a distributed ledger associated with at least a subset of the networked machines.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A machine, comprising: a network interface circuit to provide connectivity to networked machines; a processor connected to the network interface circuit; and a memory connected to the processor and the network interface circuit, the memory storing cryptographically protected data, a data access policy and a steward group specifying individuals to administer the data access policy, the memory storing instructions executed by the processor to: receive a request to access the cryptographically protected data stored in memory controlled by an end-user, collect from certain networked machines, via the network interface circuit, authentication tokens from individuals in the steward group, determine that the authentication tokens satisfy the data access policy to establish a data access state, supply, in response to the data access state, a decrypted version of the cryptographically protected data to one or more of the networked machines to establish a transaction representing permissioned and conditional access to the protected data stored in the memory controlled by the end-user, and record the transaction to a distributed ledger associated with at least a subset of the networked machines.
2. The machine of claim 1 wherein the data access policy specifies a minimum number of authentication tokens from individuals in the steward group to establish the data access state.
3. The machine of claim 2 wherein the steward group includes a law enforcement official.
4. The machine of claim 2 wherein the steward group includes a court official.
5. The machine of claim 1 wherein the distributed ledger is a blockchain.
6. The machine of claim 5 wherein the blockchain stores the data access policy, the steward group and a sequence of transactions.
7. The machine of claim 1 , wherein the networked machines include a trusted identity enrollment server to supply prompts to selected networked machines associated with candidate steward group participants to enroll in the steward group.
8. The machine of claim 7 wherein the trusted identity enrollment server writes steward group data to the distributed ledger.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
October 2, 2018
March 30, 2021
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.